This is surprisingly non-trivial especially when the nis schema for openldap is more documented than the samba one when I use to run samba-ad-dc. I have the nslcd.conf attatched.
On 08/14/16 13:50 -0400, John Lewis wrote:
Subject: nslcd listing users and groups twice
This is surprisingly non-trivial especially when the nis schema for openldap is more documented than the samba one when I use to run samba-ad-dc. I have the nslcd.conf attatched.
What command are you running which duplicates data? What are the contents of your nsswitch.conf?
The commands return duplicate data is getent passwd and getent group, if I don't add a specific user as a parameter in the command.
# /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc-reference' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. passwd: compat ldap group: compat ldap shadow: compat ldap
hosts: files dns ldap networks: files ldap
protocols: files ldap services: files ldap ethers: files ldap rpc: files ldap
netgroup: files ldap automount: files ldap sudoers: files ldap
On 08/15/2016 09:39 AM, Dan White wrote:
On 08/14/16 13:50 -0400, John Lewis wrote:
Subject: nslcd listing users and groups twice
This is surprisingly non-trivial especially when the nis schema for openldap is more documented than the samba one when I use to run samba-ad-dc. I have the nslcd.conf attatched.
What command are you running which duplicates data? What are the contents of your nsswitch.conf?
On 08/15/16 14:50 -0400, John Lewis wrote:
The commands return duplicate data is getent passwd and getent group, if I don't add a specific user as a parameter in the command.
# /etc/nsswitch.conf
passwd: compat ldap group: compat ldap
Are you using netgroups in /etc/passwd?
On 08/14/16 13:50 -0400, John Lewis wrote:
uid nslcd gid nslcd uri ldap://localhost base dc=d,dc=oflameo,dc=com ldap_version 3 binddn cn=ldap-connect,ou=Users,dc=d,dc=oflameo,dc=com bindpw x tls_cacertfile /etc/ssl/certs/ca-certificates.crt base dc=d,dc=oflameo,dc=com filter passwd (objectClass=posixAccount) filter group (objectClass=posixGroup) map passwd uid uid map passwd uidNumber uidNumber map passwd loginShell loginShell map passwd homeDirectory homeDirectory map passwd gecos gecos map passwd gidNumber gidNumber map group member member bind_timelimit 60 timelimit 60 idle_timelimit 300
Do you have multiple users which meet the above criteria?
I don't use netgroups. I actually never seen net groups in use.
On 08/15/2016 03:55 PM, Dan White wrote:
On 08/15/16 14:50 -0400, John Lewis wrote:
The commands return duplicate data is getent passwd and getent group, if I don't add a specific user as a parameter in the command.
# /etc/nsswitch.conf
passwd: compat ldap group: compat ldap
Are you using netgroups in /etc/passwd?
On 08/14/16 13:50 -0400, John Lewis wrote:
uid nslcd gid nslcd uri ldap://localhost base dc=d,dc=oflameo,dc=com ldap_version 3 binddn cn=ldap-connect,ou=Users,dc=d,dc=oflameo,dc=com bindpw x tls_cacertfile /etc/ssl/certs/ca-certificates.crt base dc=d,dc=oflameo,dc=com filter passwd (objectClass=posixAccount) filter group (objectClass=posixGroup) map passwd uid uid map passwd uidNumber uidNumber map passwd loginShell loginShell map passwd homeDirectory homeDirectory map passwd gecos gecos map passwd gidNumber gidNumber map group member member bind_timelimit 60 timelimit 60 idle_timelimit 300
Do you have multiple users which meet the above criteria?
I figured it out.
I had a duplicate search base in the nslcd.conf.
On 08/15/2016 07:38 PM, John Lewis wrote:
I don't use netgroups. I actually never seen net groups in use.
On 08/15/2016 03:55 PM, Dan White wrote:
On 08/15/16 14:50 -0400, John Lewis wrote:
The commands return duplicate data is getent passwd and getent group, if I don't add a specific user as a parameter in the command.
# /etc/nsswitch.conf
passwd: compat ldap group: compat ldap
Are you using netgroups in /etc/passwd?
On 08/14/16 13:50 -0400, John Lewis wrote:
uid nslcd gid nslcd uri ldap://localhost base dc=d,dc=oflameo,dc=com ldap_version 3 binddn cn=ldap-connect,ou=Users,dc=d,dc=oflameo,dc=com bindpw x tls_cacertfile /etc/ssl/certs/ca-certificates.crt base dc=d,dc=oflameo,dc=com filter passwd (objectClass=posixAccount) filter group (objectClass=posixGroup) map passwd uid uid map passwd uidNumber uidNumber map passwd loginShell loginShell map passwd homeDirectory homeDirectory map passwd gecos gecos map passwd gidNumber gidNumber map group member member bind_timelimit 60 timelimit 60 idle_timelimit 300
Do you have multiple users which meet the above criteria?
openldap-technical@openldap.org
-
Dan White -
John Lewis